Move gpu_device type and rules to core policy.
Change-Id: I3ce0b4bd25e078698a1c50242aaed414bf5cb517
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/sepolicy/app.te b/sepolicy/app.te
index 34f3c06..d5d0e8d 100644
--- a/sepolicy/app.te
+++ b/sepolicy/app.te
@@ -1,6 +1,2 @@
-# Grant GPU access to all processes started by Zygote.
-# They need that to render the standard UI.
-allow appdomain gpu_device:chr_file { rw_file_perms execute };
-
# Grant access to qmux socket that is created by rild
allow radio rild_qmuxd_socket:sock_file rw_file_perms;
diff --git a/sepolicy/device.te b/sepolicy/device.te
index 645e8d7..ba9b177 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -1,6 +1,3 @@
-# GPU (used by most UI apps)
-type gpu_device, dev_type, mlstrustedobject;
-
type wlan_device, dev_type;
type diag_device, dev_type;
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
index 8099523..6d10487 100644
--- a/sepolicy/surfaceflinger.te
+++ b/sepolicy/surfaceflinger.te
@@ -1,4 +1 @@
-# Grant GPU access to SurfaceFlinger
-allow surfaceflinger gpu_device:chr_file rw_file_perms;
-
allow surfaceflinger sysfs_surfaceflinger:file rw_file_perms;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index a2abc2e..2a52835 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,6 +1,3 @@
-# Grant GPU access to system services (e.g., PowerManagerService)
-allow system_server gpu_device:chr_file rw_file_perms;
-
# Grant access to Qualcomm MSM Interface (QMI) radio sockets to system services
# (e.g., LocationManager)
qmux_socket(system_server)
